From c89cb610f51e7a5df5c4b7e9378a7ac8ac513e46 Mon Sep 17 00:00:00 2001 From: Krutika Dhananjay Date: Sat, 3 Dec 2016 09:09:15 +0530 Subject: afr, client: More mem-leak fixes in COMPOUND fop cbk Bugs found and fixed: 1. Use correct subvolume index in pre-op-writev compound cbk 2. Prevent use-after-free of local->compound_args members in compound fops cbk in protocol/client 3. Fix xdata and xattr leaks in client_process_response 4. Fix possible leak of xdata in client_pre_writev() in test mode. 5. Free req->compound_req_array.compound_req_array_val as well after freeing its members 6. Free tmp_rsp->flock.lk_owner.lk_owner_val in LK fop. Change-Id: I15b646d7d4e0e5cd4ea3d2d6452c815cf2eaf68f BUG: 1401218 Signed-off-by: Krutika Dhananjay Reviewed-on: http://review.gluster.org/16020 Smoke: Gluster Build System NetBSD-regression: NetBSD Build System Reviewed-by: Pranith Kumar Karampuri CentOS-regression: Gluster Build System --- xlators/cluster/afr/src/afr-transaction.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'xlators/cluster/afr/src/afr-transaction.c') diff --git a/xlators/cluster/afr/src/afr-transaction.c b/xlators/cluster/afr/src/afr-transaction.c index d23654d8354..bedc4069f09 100644 --- a/xlators/cluster/afr/src/afr-transaction.c +++ b/xlators/cluster/afr/src/afr-transaction.c @@ -1272,7 +1272,7 @@ afr_pre_op_writev_cbk (call_frame_t *frame, void *cookie, xlator_t *this, NULL, NULL, NULL); } else { write_args_cbk = &args_cbk->rsp_list[1]; - afr_inode_write_fill (frame, this, (long) i, + afr_inode_write_fill (frame, this, (long) child_index, write_args_cbk->op_ret, write_args_cbk->op_errno, &write_args_cbk->prestat, @@ -1283,6 +1283,8 @@ afr_pre_op_writev_cbk (call_frame_t *frame, void *cookie, xlator_t *this, call_count = afr_frame_return (frame); if (call_count == 0) { + compound_args_cleanup (local->c_args); + local->c_args = NULL; afr_process_post_writev (frame, this); if (!afr_txn_nothing_failed (frame, this)) { /* Don't unwind until post-op is complete */ @@ -1374,6 +1376,8 @@ afr_pre_op_fop_do (call_frame_t *frame, xlator_t *this, dict_t *xattr, */ compound_cbk = afr_pack_fop_args (frame, args, local->op, i); + local->c_args = args; + for (i = 0; i < priv->child_count; i++) { /* Means lock did not succeed on this brick */ if (!local->transaction.pre_op[i]) @@ -1389,7 +1393,10 @@ afr_pre_op_fop_do (call_frame_t *frame, xlator_t *this, dict_t *xattr, break; } - afr_compound_cleanup (args, xdata, newloc_xdata); + if (xdata) + dict_unref (xdata); + if (newloc_xdata) + dict_unref (newloc_xdata); return 0; err: local->internal_lock.lock_cbk = local->transaction.done; @@ -1399,7 +1406,10 @@ err: afr_restore_lk_owner (frame); afr_unlock (frame, this); - afr_compound_cleanup (args, xdata, newloc_xdata); + if (xdata) + dict_unref (xdata); + if (newloc_xdata) + dict_unref (newloc_xdata); return 0; } @@ -1428,6 +1438,8 @@ afr_post_op_unlock_cbk (call_frame_t *frame, void *cookie, xlator_t *this, UNLOCK (&frame->lock); if (call_count == 0) { + compound_args_cleanup (local->c_args); + local->c_args = NULL; if (local->transaction.resume_stub) { call_resume (local->transaction.resume_stub); local->transaction.resume_stub = NULL; @@ -1509,6 +1521,8 @@ afr_post_op_unlock_do (call_frame_t *frame, xlator_t *this, dict_t *xattr, } } + local->c_args = args; + for (i = 0; i < priv->child_count; i++) { /* pre_op[i] has to be true for all nodes that were * successfully locked. */ @@ -1524,7 +1538,10 @@ afr_post_op_unlock_do (call_frame_t *frame, xlator_t *this, dict_t *xattr, break; } out: - afr_compound_cleanup (args, xdata, newloc_xdata); + if (xdata) + dict_unref (xdata); + if (newloc_xdata) + dict_unref (newloc_xdata); return 0; } -- cgit